Nettitude Blog

In March 2018, Lloyd’s Register (LR) acquired cyber security specialists Nettitude. 

A cyber security government bill with unprecedented teeth?

The Singaporean Government have released a Cyber Security Bill that is signifying a step in change in the level of control and rigor being mandated from a legal and political perspective.

It's safe to say that 2017 has been an eventful year in the cyber security industry.  As well as a steadily growing number of breaches across a multitude of organizations and industries, there have been some pivotal moments that have had a significant impact on the cyber security industry as a whole. We've looked back over the last 12 months and have chosen the top 5 events that have shaped the industry.

Many organizations have gone out and bought SIEM appliances which are either in-house or outsourced to an external security operations center. We have highlighted the top five areas for organizations to review, when they deploy SIEM technology, or utilize a security operations center function. This guide is designed to help improve SIEM coverage, and provide confidence to the organization that they are getting the most from their security operations center providers.

There has been a theme for a while that categorizes security operations centers in to two categories of operation. Reactive capability, where the SOC purely reacts, and proactive capability, where the SOC has a proactive approach to identifying threats. Nettitude’s SOC harnesses both reactive and proactive approaches, however it also builds upon this through leveraging machine based learning to provide predictive capability.

As organizations become more dependent upon increasing amounts of data, many companies are hiring Chief Information Security Officers, (CISOs) to take on the responsibility of managing information security programs.

Many organizations will be familiar with the Verizon Data Breach Investigations Report, (DBIR) that is issued each year. A reoccurring theme within the report each year is to record the average amount of time it takes an organization to identify an attack, (or data breach) from the initial point that the intruder gained access to the network. This is often referred to as the dwell time.

The initial time that it takes to compromise an asset is usually managed in seconds. For spear phishing, this effectively suggests that a user will either decide to click or not click a link in an e-mail within a few seconds of reading it.

The amount of time it typically takes for data to be exfiltrated after an initial incident is measured in days. This means that after the initial compromise, an attacker will be resident within the network for a number of days before attempting to exfiltrate data.

Every organization that either builds a security operations center or subscribes to the services of a managed security services provider (MSSP) hopes that the SOC is able to prevent, detect and respond to cyber related attacks. However, there is huge amounts of variability in SOC services, and it is very common for organizations to build or leverage SOC services that are mismatched to the threats that they face.

A cyber breach is probably one of the most disturbing events that a CISO could encounter. Nettitude has worked with many organizations that have experienced cyber incidents, and provides consulting guidance to organizations to mitigate the threat from cybercrime. Here are our top five things that successful CISOs do to mitigate against the risk of a cyber breach.

We frequently get contacted by organizations after they have experienced a data breach.  All too frequently the incident comes as a complete shock, and the reason that they find out it because they are contacted by a 3^rd party.  We have compiled our top 5 reasons why organizations don’t detect a cyber breach.